“Data privacy is a useful tool to regulate AI”
To start with, regulation must not be perceived as synonymous with “controlling the technology,” rather, it is about “controlling the rate.” Driving fast is pleasurable up to a point, beyond, it’s dangerous. Till now, the focus largely remained on algorithms when it comes to regulating AI, however recent developments in Europe with GDPR, and California’s new privacy law demonstrate that data regulation can be another tool for constraining the contexts in which AI technologies can be deployed.
India is embracing AI, both at the public and private fronts. More broadly, given AI’s reliance on massive amounts of data, regulating AI through data privacy legislation is not only logical to some level but also a viable regulatory strategy that lawmakers should carefully consider as they explore ways to mitigate AI’s risks.
Several concerns remain, on one hand, there are concerns that heavy-handed or over-regulation will result in stifling innovation. AI’s prospects are restricted if developers may only use data for pre-defined purposes. On the other hand, individuals are concerned about their privacy which is significantly undermined in light of AI systems such as wearable devices, house assistants, facial recognition technology, etc., that collect and process data in real-time and at a personal level. A middle ground needs to be laid out. Now have a quick view of the timeline for the data protection bill, below.
- 2017 – Supreme Court interpreted “informational privacy” as a fundamental right;
- 2018 – the Ministry of Commerce and Industry and Niti Aayog each unveiled their own national AI roadmaps. Both roadmaps stressed the need of resolving privacy problems in the context of AI and supported the adoption of strong privacy legislation;
- 2018 – The Srikrishna Committee released a draft Personal Data Protection Bill;
- 2019 – Personal Data Protection Bill (PDP Bill) was referred to a Joint Parliamentary Committee;
- 2021 – JPC presented its 542 pages report on the PDP Bill in parliament.
How to find an intersection
Law must not be ambiguous in nature; it should be crisp and crystal clear for even a common man to understand. Going by the same logic, a clear-cut provision regarding data collection and its use by enterprises employing AI should be laid out. Take a simple provision of California’s privacy law, for instance, that forbids businesses from using consumers data for purposes other than those for which it was collected. This means that if you acquire data from a California resident for one reason, you can’t use it to train a machine-learning model without their permission if the reuse isn’t in line with the initial reason for collection. Hence, the provision is not only effective but is balancing with a strike at the roots of AI, data.
Research shows that despite rapid growth, the field of explainable artificial intelligence (XAI) is still in its mature stage without any agreed-upon definitions and is plagued by a lack of formality. Despite the fact that a large number of machine learning interpretability techniques and research have been established in academia, machine learning workflows and pipelines rarely use them. Even if we consider it in use, passing on decision-making processes to common citizens are of limited value. Rather, the focus should be made on providing consumers information about which set of their personal data is used to arrive at solutions, mention the origin to certify whether their permission was secured at that point or not.
“The right to privacy is a fundamental right and it also includes the right to be forgotten” – MeitY
With provisions related to the “right to be forgotten” present in the original data protection bill of 2019, the law should empower consumers with the right to know, correct, and even delete their data in different machine learning models. This takes us to the newly developed technique from Stanford researchers called “approximate deletion.” It prevents individuals from getting identified from data present in the model while assuring businesses and computer scientists that their models function as planned. Multiple techniques such as using GANs to create synthetic data, federated learning, matrix capsules proposed by Google scholar Geoff Hinton, etc., exist to reduce the need for having large training data.
One can be quite hopeful that AI and solutions towards enhancing privacy in the context of AI will be one of the major focus areas of the data protection act when enacted in its final shape. It will also be interesting to note how impact assessment related to AI can be made and what tools will emerge to strike a balance between innovation and individual privacy.
Source: indiaai.gov.in
